Re: [PATCH] staging: rtl8192e: fix potential use after free
From: Dan Carpenter
Date: Tue Nov 05 2019 - 10:00:03 EST
On Tue, Nov 05, 2019 at 10:49:11PM +0800, Pan Bian wrote:
> The variable skb is released via kfree_skb() when the return value of
> _rtl92e_tx is not zero. However, after that, skb is accessed again to
> read its length, which may result in a use after free bug. This patch
> fixes the bug by moving the release operation to where skb is never
> used later.
>
> Signed-off-by: Pan Bian <bianpan2016@xxxxxxx>
Reviewed-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
regards,
dan carpenter